Wireshark-users: Re: [Wireshark-users] TCP checksum off-by-one errors?

From: "Matthias Pigulla" <mp@xxxxxxxxxxxxx>
Date: Thu, 5 Mar 2009 09:14:18 +0100

Hi all,

I used Wireshark 1.0.6 for capturing...

> Well - the way you described the problem led me to believe that there is a
> firewall in the path between sender and receiver. And if this firewall does
> NAT and/or Initial Sequence Number randomization, it will also have to
> rewrite the checksum so that the checksum is valid for the rewritten packet.
> That process might be faulty, hence the firewall would actually be the
> source and cause of the invalid checksum values.
>
> Are you able to sniff out these packets on both sides of the firewall and
> compare them to each other in W'shark?

                          <test>,
<different clients>--<firewall>-|--...--<remote host>
                         <sniff>´

The packets with wrong checksums are just those sent from the remote host back to the firewall (which NATs the different clients). The firewall seems to just discard those packets as they cannot be seen behind the firewall anymore. Packets from the firewall to the remote host are all ok.

When connecting to the remote host from "test", all checksums (both directions) are ok.

I have no idea what to look for... :-(

Thanks
Matthias
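
The checksum rewrite discussed in the quoted reply, as an added example (not part of the original message and not Wireshark code): it verifies a TCP checksum as captured outside the firewall, then compares a correct RFC 1624 incremental update for the NAT address change against a full recomputation. The addresses, ports and payload are constructed, and the `end_around=False` path is a hypothetical faulty rewrite shown for comparison, not a diagnosis of this thread.

```python
import socket
import struct

def fold(total: int) -> int:
    """End-around carry: fold overflow back into the low 16 bits (RFC 1071)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Full checksum over IPv4 pseudo-header + segment, checksum field zeroed."""
    seg = segment[:16] + b"\x00\x00" + segment[18:]
    data = (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, 6, len(seg)) + seg)
    if len(data) % 2:
        data += b"\x00"  # pad odd-length data for 16-bit summing
    return ~fold(sum(struct.unpack(f"!{len(data) // 2}H", data))) & 0xFFFF

def stated_checksum(segment: bytes) -> int:
    """Checksum value carried in the TCP header (bytes 16-17)."""
    return struct.unpack("!H", segment[16:18])[0]

def nat_update(csum: int, old_ip: str, new_ip: str, end_around: bool = True) -> int:
    """Incremental update HC' = ~(~HC + ~m + m') (RFC 1624) per address word.
    end_around=False is a hypothetical faulty rewrite that truncates carries."""
    acc = ~csum & 0xFFFF
    old = struct.unpack("!2H", socket.inet_aton(old_ip))
    new = struct.unpack("!2H", socket.inet_aton(new_ip))
    for m, m_new in zip(old, new):
        acc += (~m & 0xFFFF) + m_new
    acc = fold(acc) if end_around else acc & 0xFFFF
    return ~acc & 0xFFFF

# Constructed sample: remote host answers the firewall's public address,
# which the firewall translates to an inside client (example addresses only).
REMOTE, PUBLIC, CLIENT = "198.51.100.7", "192.0.2.10", "10.0.0.5"

def build_segment(src: str, dst: str, payload: bytes = b"HTTP/1.1 200 OK\r\n") -> bytes:
    hdr = struct.pack("!HHIIBBHHH", 80, 40000, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)
    seg = hdr + payload
    return seg[:16] + struct.pack("!H", tcp_checksum(src, dst, seg)) + seg[18:]

OUTSIDE = build_segment(REMOTE, PUBLIC)  # as sniffed outside the firewall
GOOD = nat_update(stated_checksum(OUTSIDE), PUBLIC, CLIENT)
BAD = nat_update(stated_checksum(OUTSIDE), PUBLIC, CLIENT, end_around=False)

if __name__ == "__main__":
    print(f"inside expected={tcp_checksum(REMOTE, CLIENT, OUTSIDE):#06x} "
          f"correct update={GOOD:#06x} truncating update={BAD:#06x}")
```

Run against the same segment captured on both sides of a NAT device, `tcp_checksum` with each side's addresses shows which side carries the invalid value.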

